epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-03-09 11:47:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

Individual etcd ssl certs

Browse Source 
Includes hooks for triggering calico, kubelet, and kube-apiserver restarts
if etcd certs changed.
This commit is contained in:
Matthew Mosesohn
2016-12-13 09:03:35 +00:00
parent de8cd5cd7f
commit ad796d188d
13 changed files with 140 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
View File

@@ -5,6 +5,7 @@ metadata:
namespace: {{system_namespace}}
labels:
k8s-app: kube-apiserver
kargo: v2
spec:
hostNetwork: true
containers:
@@ -18,8 +19,8 @@ spec:
- --etcd-servers={{ etcd_access_endpoint }}
- --etcd-quorum-read=true
- --etcd-cafile={{ etcd_cert_dir }}/ca.pem
- --etcd-certfile={{ etcd_cert_dir }}/node.pem
- --etcd-keyfile={{ etcd_cert_dir }}/node-key.pem
- --etcd-certfile={{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem
- --etcd-keyfile={{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem
- --insecure-bind-address={{ kube_apiserver_insecure_bind_address }}
- --apiserver-count={{ kube_apiserver_count }}
- --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota